Governance Risk & Compliance Manager

CHG Healthcare

  • Midvale, UT
  • $197,100 per year
  • Permanent
  • Full-time
  • 7 days ago
Healthcare’s helping hand.CHG shook things up in 1979 by inventing the locum tenens staffing model. We connect doctors with patients who need their care. As the largest physician staffing firm in America, our providers treat millions of patients each year.Our industry is growing and demand is high. This means you’ll have plenty of opportunities to grow and develop in your career. Keeping healthcare healthy can be as fun as it is rewardingThe Manager of GRC leads the design, implementation, and continuous improvement of the organization’s Governance, Risk, and Compliance program. Acting as a central liaison between senior leadership, business units, auditors, and regulators, the role ensures that strategic objectives are met while legal, regulatory, and contractual obligations are satisfied. The ideal candidate combines deep knowledge of risk management frameworks with strong communication and project management skills.ResponsibilitiesGovernanceDevelop, maintain and socialize enterprise-wide GRC policies, standards and proceduresFacilitate cross-functional steering committees; provide regular risk and compliance reporting to executives and the boardAlign the GRC program with business strategy, ensuring clear accountability across departmentsRisk Management
  • Own the full risk management lifecycle: identification, assessment, treatment, monitoring and reporting
  • Maintain the enterprise information security risk register and conduct periodic risk reviews using industry frameworks
  • Lead scenario analyses and business impact assessments (BIA); recommend and track mitigation plans
  • Implement financial loss expectancy models for quantitative risk assessment
Compliance & Audit
  • Manage external audits and assessments (e.g., SOC II) from scoping through remediation
  • Monitor emerging regulatory changes (GDPR, CCPA/CPRA, etc.) and advise stakeholders on required controls
  • Coordinate third-party attestation activities and maintain evidence demonstrating compliance
  • Support the enterprise through unified audit lifecycle management
Policy & Control Framework
  • Map regulatory and contractual requirements to internal controls; oversee control testing, maturity scoring and improvement initiatives
  • Partner with Information Security to integrate technical controls—such as IAM, vulnerability scanning and incident response—into the GRC platform
  • Ensure policies are reviewed, approved and communicated on a defined cadence
Training & Awareness
  • Design and deliver ongoing risk and compliance training for employees, contractors and key vendors
  • Promote a culture of compliance and ethical behavior through targeted campaigns and leadership engagement
Team Leadership & Vendor Management
  • Lead, mentor and develop a team of analysts or specialists; set goals and measure performance
  • Evaluate and manage GRC software tools and third-party risk management solutions
  • Oversee budgets related to compliance initiatives and external consulting support
QualificationsDeep understanding of security control frameworks (SOC II, ISO 27001, NIST)Experience with regulatory compliance requirements (GDPR, CCPA/CPRA)Proficiency with GRC platforms and risk management toolsUnderstanding of technical security controls and their implementationExcellent written and verbal communication skills with ability to translate technical concepts for business audiencesStrong project management skills with ability to manage multiple concurrent initiativesDemonstrated ability to influence and build consensus across organizational boundariesCritical thinking and problem-solving capabilitiesDetail-oriented with strong organizational skillsEducation & Experience
  • 5+ years of experience in GRC, risk management, compliance, or information security
  • 2+ years of experience leading or managing audit engagements (SOC II preferred)
  • Experience building GRC programs in healthcare technology or SaaS environments
PreferredExperience in healthcare or healthcare technology industryExperience with enterprise risk management frameworksTrack record of successful SOC II Type II implementationsExperience managing distributed teams across multiple business unitsWe believe in fair compensation for all of our people, which is why our pay structure takes into account the cost of labor across U.S. geographic markets. For this position, we offer a pay range of $102,100-- $197,100 annually, with pay varying depending on work location and job-related factors such as knowledge, position level and experience. During the hiring process, your recruiter can provide more information about the specific salary range for the job location.CHG Healthcare offers starting salaries for sales positions in the form of total target compensation (TTC = base + commission + bonus), which includes base pay, commission, and bonuses. Sales positions receive short-term incentives through commission plans and bonuses. On the other hand, non-sales positions have starting salaries that consist of a base salary and short-term incentives through various bonus plans, which are paid out monthly, quarterly, or annually.#LI-MJ1In return we offer:
  • 401(k) retirement plan with company match
  • Traditional healthcare benefits such as medical and dental coverage, and some unique benefits like onsite health centers, corporate wellness programs, and free behavioral health appointments.
  • Flexible work schedules - including work-from-home options available
  • Recognition programs with rewards including trips, cash, and paid time off
  • Family-friendly benefits including paid parental leave, fertility coverage, adoption assistance, and marriage counseling
  • Tailored training resources including free LinkedIn learning courses
  • Volunteer time off and employee-driven matching grants
  • Tuition reimbursement programs
CHG Healthcare values a diverse and inclusive workforce. Interested in this role but not a perfect fit? Apply anyway.We welcome applicants of any race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status and individuals with disabilities as an Affirmative Action/Equal Opportunity Employer. We are an at-will employer.What makes CHG Different?

CHG Healthcare